Re: Programmatically installing Client Root Certificates
From: Sergio Dutra [MS] (sergio_at_online.microsoft.com)
Date: Fri, 9 Jul 2004 08:37:16 -0700
You install root certificates into the "root" store. "root" is the name you
pass in to CertOpenStore, then use CertAddCertificateContextToStore to add
the certificate to the root store.
Note that certificates in the root store must be self-signed. Also, the user
will get a dialog prompting for acceptance or rejection of the certificate
prior to it being installed. If the user rejects the certificate, it will
not be added to the root store.
-- This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm "kr" <firstname.lastname@example.org> wrote in message news:EE1020F2-5C09-4233-B816-7CC33654F936@microsoft.com... >I have come accross some CertXYZ API that I thought could be used to >install CA Root Certificates on the client machine. > > Assuming that these are the correct API for this purpose... > > what would be the correct certificate store that should be used to store > the root certificates? I have tried some sample code to enumerate > installed certs for store "CA" but I have noticed a bunch of store names > including "root" when I enumerated stores. > > I am assuming that once installed, this can be used to create the > CERT_CONTEXT to be passed in to the InternetSetOption to set the client > certificate. Perhaps the cert does not need to be installed but can simply > be used in the above mentioned API for SSL communication? > > Regardless, any pointers to some sample code to install root certificate/ > certificate chain would be greatly appreciated. > > Thanks for the help...